Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/, policy/modules/system/
Date: Sun, 30 Jan 2022 01:22:50
Message-Id: 1643505162.8e5c3ef52981f7fe7a093add0ea2e774c4a03367.perfinion@gentoo
1 commit: 8e5c3ef52981f7fe7a093add0ea2e774c4a03367
2 Author: Kenton Groombridge <me <AT> concord <DOT> sh>
3 AuthorDate: Thu Dec 23 14:54:00 2021 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Jan 30 01:12:42 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8e5c3ef5
7
8 staff, unconfined: allow container user access
9
10 Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
11 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
12
13 policy/modules/roles/staff.te | 4 ++++
14 policy/modules/system/unconfined.te | 4 ++++
15 2 files changed, 8 insertions(+)
16
17 diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
18 index 253869d9..4a4867f7 100644
19 --- a/policy/modules/roles/staff.te
20 +++ b/policy/modules/roles/staff.te
21 @@ -23,6 +23,10 @@ optional_policy(`
22 auditadm_role_change(staff_r)
23 ')
24
25 +optional_policy(`
26 + container_user_role(staff, staff_t, staff_application_exec_domain, staff_r)
27 +')
28 +
29 optional_policy(`
30 dbadm_role_change(staff_r)
31 ')
32
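Review bot: The added `container_user_role(staff, staff_t, staff_application_exec_domain, staff_r)` call in staff.te widens what a confined role may do, but the commit message is only the subject line "allow container user access" and nothing in the hunk documents what is granted. Please add a short comment above the new optional_policy block, or a commit message body, stating which container access the template gives staff_r and why staff needs it, so the change can be audited later without reading the template. The placement between auditadm_role_change and dbadm_role_change keeps the existing ordering, and wrapping it in optional_policy matches the neighbouring blocks.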
33 diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
34 index e30a1197..df6fbdb7 100644
35 --- a/policy/modules/system/unconfined.te
36 +++ b/policy/modules/system/unconfined.te
37 @@ -80,6 +80,10 @@ optional_policy(`
38 bootloader_run(unconfined_t, unconfined_r)
39 ')
40
41 +optional_policy(`
42 + container_user_role(unconfined, unconfined_t, unconfined_application_exec_domain, unconfined_r)
43 +')
44 +
45 optional_policy(`
46 cron_unconfined_role(unconfined, unconfined_t, unconfined_application_exec_domain, unconfined_r)
47 ')
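Review bot: In unconfined.te the new block calls `container_user_role(unconfined, unconfined_t, unconfined_application_exec_domain, unconfined_r)`, the same user-role template used for staff, while the block directly below it uses a dedicated variant, `cron_unconfined_role(...)`, with the same four arguments. Please confirm that the plain user-role template is the intended one for the unconfined domain and say so in a comment or in the commit message, since the one-line subject does not explain the choice.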